[remram]

Can a user make a hard link to a file they don't own? How does this attack work?

[tadfisher]

These links (pun unfortunate) should help:

https://sysctl-explorer.net/fs/protected_hardlinks/

http://michael.orlitzky.com/articles/posix_hardlink_heartach...

[remram]

Answer: fs.protected_hardlinks=1 is what prevents the creation of hardlinks to files you don't own. It's on by default on all machines I checked though.

https://github.com/torvalds/linux/commit/800179c9b8a1e796e44...

Without this, a whole lot of attacks are possible with hardlinks.